When I was looking for a way to tell the Nginx to let all GET requests through the separate user list and all other requests (e.g. POST, PUT, etc) should be authenticated via the different user lists. This Nginx configuration allows restricting access via different methods to separate users.

This is very useful for the private docker registries, where you want every member of your team to be able to fetch Docker images, but only some users example admin, super admin to push new images to the registry.

Example:

User write team can use GET, POST, PUT, DELETE and everything else.

User read team can only use GET and HEAD.

Anonymous users are denied access entirely.

Nginx-basic-auth-with-registry

We can use limit_except to configure this setup in Nginx.

Limits allowed HTTP methods inside a location.

Syntax: limit_except method ... { ... }

The method parameter can be one of the following: GET, HEAD, POST, PUT, DELETE, MKCOL, COPY, MOVE, OPTIONS, PROPFIND, PROPPATCH, LOCK, UNLOCK, or PATCH. Allowing the GET method makes the HEAD method also allowed.